Security News > 2023 > August

Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich. FIDO2 is the second major version of the Fast IDentity Online authentication standard, and FIDO2 keys are used for passwordless authentication and as a multi-factor authentication element.

Generative AI has landed on Gartner's coveted Hype Cycle for Emerging Technologies for 2023, the firm announced Wednesday. The firm said generative AI will bring "Transformational benefit" in the next two to five years.

According to Colorlib, WordPress is used by over 800 million websites worldwide. It is vital to protect your WordPress site and your data, readers, users and company by regularly auditing your WordPress site's security configurations.

Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems. Some proxy companies sell access to residential proxies and offer monetary rewards to users who agree to share their bandwidth.

A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security. According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector.

It's taking place September 18-20, 2023 in Washington, DC. mWISE conference organizers have just announced new keynote panels focused on two of the most pressing issues facing security practitioners right now: Artificial Intelligence and advanced adversaries. 1) AI and Security Standards: Maximizing Innovation While Minimizing RiskAI has immense potential, but we need to make sure it works for everyone.

LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom.Users discussing their compromised LinkedIn accounts.

At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The 2023 Verizon Data Breach Investigations Report revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated.

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared with The Hacker News.

The UK Electoral Commission discovered last year that it was hacked the year before. That's fourteen months between the hack and the discovery.